TaurusDB
TaurusDB
- What's New
- Function Overview
- Service Overview
- Getting Started
-
User Guide
- Usage Rules
- Billing Management
- Data Migration
- Instance Lifecycle Management
- Instance Modifications
- Read Replicas
- Database Management
- Account Management (Non-Administrator)
- Data Security
- Data Backups
- Data Restorations
- Connection Management
-
Parameter Template Management
- Creating a Parameter Template
- Modifying a Parameter Template
- Exporting Parameters
- Comparing Parameter Templates
- Viewing Parameter Change History
- Replicating a Parameter Template
- Resetting a Parameter Template
- Applying a Parameter Template
- Viewing Application Records of a Parameter Template
- Editing a Parameter Template Description
- Deleting a Parameter Template
- Metrics and Alarms
- Interconnection with CTS
- Log Management
- Task Center
- Managing Tags
- Managing Quotas
- Change History
- Best Practices
- Performance White Paper
- Security White Paper
- SDK Reference
-
API Reference
- Before You Start
- API Overview
- Calling APIs
-
APIs (Recommended)
- DB Engine Version Queries
- Database Specification Queries
-
Instance Management
- Creating a DB Instance
- Querying DB Instances
- Rebooting a DB Instance
- Deleting a DB Instance
- Querying Details of a DB Instance
- Querying Details of DB Instances in Batches
- Creating a Read Replica
- Deleting a Read Replica
- Scaling up Storage of a Yearly/Monthly DB Instance
- Changing a DB Instance Name
- Resetting a Database Password
- Changing DB Instance Specifications
- Querying Dedicated Resource Pools
- Querying Dedicated Resources
- Configuring the Monitoring By Seconds Function
- Querying the Configuration of Monitoring by Seconds
- Enabling or Disabling SSL
- Binding an EIP
- Unbinding an EIP
- Promoting a Read Replica to Primary
- Changing a Maintenance Window
- Modifying a Security Group
- Changing a Private IP Address
- Changing a Database Port
- Changing a DB Instance Description
- Backup Management
- Parameter Template Management
- Quota Management
- Log Management
- Tag Management
- Database User Management
- Database Management
- SQL Statement Concurrency Control
- Task Center
- APIs (Unavailable Soon)
- Permissions Policies and Supported Actions
- Appendix
- Change History
-
FAQs
- Product Consulting
-
Database Connections
- Can an External Server Access the GaussDB(for MySQL) Database?
- What Do I Do If the Number of GaussDB(for MySQL) Database Connections Reaches the Upper Limit?
- What Is the Maximum Number of Connections to a GaussDB(for MySQL) Instance?
- What Should I Do If an ECS Cannot Connect to a GaussDB(for MySQL) Instance?
- How Can I Connect to a MySQL Database Through JDBC?
- How Can I Create and Connect to an ECS?
- What Should I Do If a Database Client Problem Causes a Connection Failure?
- Why Cannot I Ping My EIP After It Is Bound to a DB Instance?
- What Can I Do If the Connection Test Failed?
- Can I Access a GaussDB(for MySQL) Instance over an Intranet Connection Across Regions?
- Are There Any Potential Risks If There Are Too Many Connections to a GaussDB(for MySQL) Instance?
- What Should I Do If an ECS and a GaussDB(for MySQL) instance Deployed in Different VPCs Cannot Communicate with Each Other?
- How Do I View All IP Addresses Connected to a Database?
- Client Installation
- Database Migration
- Database Permissions
-
Database Performance
- What Should I Do If the CPU Usage of My Instance Is High?
- How Do I Handle Slow SQL Statements Caused by Inappropriate Composite Index Settings?
- How Do I Handle a Large Number of Temporary Tables Being Generated for Long Transactions and High Memory Usage?
- What Should I Do If Locks on Long Transactions Block the Execution of Subsequent Transactions?
- Database Usage
- Backups
-
Database Parameter Modification
- How Can I Change the Time Zone?
- How Do I Configure a Password Expiration Policy for GaussDB(for MySQL) Instances?
- How Do I Ensure that the Database Character Set of a GaussDB(for MySQL) Instance Is Correct?
- How Do I Use the utf8mb4 Character Set to Store Emojis in a GaussDB(for MySQL) Instance?
- How Do I Set Case Sensitivity for GaussDB(for MySQL) Table Names?
- Can I Use SQL Commands to Modify Global Parameters?
-
Network Security
- What Security Assurance Measures Does GaussDB(for MySQL) Have?
- How Can I Prevent Untrusted Source IP Addresses from Accessing GaussDB(for MySQL)?
- How Do I Configure a Security Group to Enable Access to a GaussDB(for MySQL) Instance?
- How Can I Import the Root Certificate to a Windows or Linux Server?
- How Do I Manage and Ensure GaussDB(for MySQL) Security?
- Log Management
- Version Upgrade
- Change History
-
Troubleshooting
-
Backup and Restoration Issues
- Insufficient Permissions During Data Export Using mysqldump
- How Do I use mysqlbinlog to Obtain Binlog Files?
- Canal Fails to Parse Binlogs
- Precautions for Exporting Large Tables Through mysqldump
- Commands for Exporting Data Through mysqldump
- System Inaccessible After Field Addition to a Database Table
- SQL Statements Such as SET @@SESSION.SQL_LOG_BIN Displayed After You Run mysqldump
- Insufficient Permissions Reported for Canal
-
Connection Issues
- Login Failed After ssl_type of root Is Changed to ANY
- Failed to Connect to a DB Instance Using SSL
- Description of Each IP Address
- SSL Connection Failed Due to Inconsistent TLS Versions
- Error Message "connection established slowly"
- "Access denied" Displayed During Database Connection
- Failed to Connect to a Database Using mariadb-connector in SSL Mode
- Failed to Connect to a Database as User root
- Client Automatically Disconnected from a DB Instance
- Disconnection Occurs Every 45 Days Due to the istio-citadel Certificate Mechanism
-
SQL Issues
- Invalid TIMESTAMP Default Value during Table Creation
- Failed to Change the VARCHAR Length Due to the Index Length Limit
- Slow SQL Queries After a Large Amount of Data Is Deleted from a Large Table
- Error 1366 Reported When Data Containing Emojis Is Updated
- Slow Stored Procedure Execution Due to Inconsistent Collations
- ERROR [1412] Reported for a DB Instance
- Failed to Delete a Table with a Foreign Key
- Incorrect GROUP_CONCAT Results
- Error Message "Too many keys specified" Displayed When a Secondary Index Is Created
- DISTINCT and GROUP BY Optimization
- Equivalent Comparison Failures with Floating-Point Numbers
- Tablespace Bloat
- ERROR 1396 Reported When a User Is Created
- Error Message Reported When alter table xxx discard/import tablespace Is Executed
- Native Error 1461 Reported by a DB Instance
- "Row size too large" Reported When a Table Failed to Be Created
- Parameter-related Issues
- Performance Issues
-
Basic Issues
- How Do I View Used Storage of My GaussDB(for MySQL) Instance?
- Renaming Databases and Tables
- Character Set and Collation Settings
- Auto-Increment Field Value Jump
- Starting Value and Increment of AUTO_INCREMENT
- Changing the AUTO_INCREMENT Value of a Table
- Failed to Insert Data Because Values for the Auto-increment Primary Key Field Reach the Upper Limit
- Auto-increment Field Values
- AUTO_INCREMENT Not Displayed in the Table Structure
- Impact of Creating an Empty Username
- No Scanned Rows Recorded in Slow Query Logs
- Change History
-
Backup and Restoration Issues
- Videos
On this page
Show all
Help Center/
TaurusDB/
API Reference/
Permissions Policies and Supported Actions/
Permissions Policies and Supported Actions
Permissions Policies and Supported Actions
Updated on 2023-10-18 GMT+08:00
This chapter describes fine-grained permissions management for your GaussDB(for MySQL). If your account does not need individual IAM users, then you may skip over this chapter.
By default, new IAM users do not have permissions assigned. You need to add a user to one or more groups, and attach permissions policies or roles to these groups. Users inherit permissions from the groups to which they are added and can perform specified operations on cloud services based on the permissions.
You can grant users permissions by using Roles and Policies. Roles are a type of coarse-grained authorization mechanism that defines permissions related to user responsibilities. Policies define API-based permissions for operations on specific resources under certain conditions, allowing for more fine-grained, secure access control of cloud resources.
NOTE:
Policy-based authorization is useful if you want to allow or deny the access to an API.
An account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions. The permissions required for calling an API are determined by the actions supported by the API. Only users who have been granted permissions allowing the actions can call the API successfully. For example, if an IAM user queries GaussDB instances using an API, the user must have been granted permissions that allow the gaussdb:instance:list action.
Supported Actions
GaussDB(for MySQL) provides system-defined policies that can be directly used in IAM. You can also create custom policies and use them to supplement system-defined policies, implementing more refined access control. Operations supported by policies are specific to APIs. The following are common concepts related to policies:
- Permission: A statement in a policy that allows or denies certain operations.
- APIs: REST APIs that can be called in a custom policy.
- Actions: Added to a custom policy to control permissions for specific operations.
- Related actions: Actions on which a specific action depends to take effect. When assigning permissions for the action to a user, you also need to assign permissions for the dependent actions.
- IAM projects or enterprise projects: Type of projects in which policies can be used to grant permissions. A policy can be applied to IAM projects, enterprise projects, or both. Policies that contain actions supporting both IAM and enterprise projects can be assigned to user groups and take effect in both IAM and Enterprise Management. Policies that only contain actions supporting IAM projects can be assigned to user groups and only take effect for IAM. Such policies will not take effect if they are assigned to user groups in Enterprise Management. For details about the differences between IAM and enterprise projects, see Differences Between IAM and Enterprise Management.
NOTE:
The check mark (√) indicates that an action takes effect. The cross mark (x) indicates that an action does not take effect.
Parent topic: Permissions Policies and Supported Actions
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
The system is busy. Please try again later.
